ParaSwap Starts Refunding Users Following Exploit

  • ParaSwap has started returning funds maliciously drained from users in an exploit last week
  • The DeFi platform reimbursed users who had revoked permissions to the affected smart contract
  • The platform used funds recovered by white hat hackers to make affected users whole

DeFi platform ParaSwap is honoring its commitment to make users whole again after suffering a smart contract exploit last week. The platform used funds recovered by white hat hackers to refund those who had canceled permissions given to the affected smart contract, dubbed AugustusV6. ParaSwap disclosed that users who haven’t received funds have yet to revoke permissions to the contract, adding that 213 such wallets are “still vulnerable,” meaning that the hacker can still siphon more funds from them.

Ready to Discuss the Next Steps

In an X post, the protocol shared an update noting that it has provided “the appropriate authorities” with a comprehensive report that will help in tracking the malicious actor. It’s also working with blockchain security firms like Chainalysis to trace “the movement of funds.”

ParaSwap has identified over 15 hacker addresses, most of them on the Ethereum and Arbitrum networks. In an on-chain message sent to the hacker last week, the DeFi protocol provided a grace period of up to March 27 before involving law enforcement agencies.

The protocol also indicated its willingness to “discuss the next steps” with the hacker, which may include offering a bug bounty. Although the hacker initially stole $24,000, this amount has likely increased due to the 213 wallets that are still vulnerable.

SSS Loses $4 Million

ParaSwap’s move comes two days after Blast-based game SSS lost more than $4 million in an exploit. It also comes four months after a French court cleared hackers of any wrongdoing after the exploiters said that they intended to return the funds.

With the ParaSwap hacker having less than a day to return the funds and with $24,000 initially stolen, it remains to be seen whether the protocol will follow through on its threat of involving law enforcement agencies.